Malware writers continue to find new and inventive ways to infiltrate credit union computer networks and get past traditional security systems that were designed to stop them. Over the last year we’ve witnessed cyber criminals direct their efforts on a specific target with the primary goal of financial gain. What was once only an annoyance has morphed into a multi-billion dollar global enterprise. Not surprisingly, the characteristics of this new breed of malware involve a far more sophisticated approach that is not easily stopped.
In the old days malware was designed to spread rapidly through an organization’s network and cause various issues, from damaging data to causing an internal distributed denial of service (DDoS). A DDoS is an attack where multiple compromised systems (which are usually infected with a Trojan) are used to target a single system. In this scenario, all a security professional had to do was up-date patches or close specific ports related to the attack in order to prevent the further spread of malware.
This is simply not the way malware operates anymore and explains why many presume the epidemic has disappeared altogether. However, that is far from the case.
There are no loud, massive epidemics associated with this new type of financially motivated malware. Rather, a majority of this malware infects users silently without their knowledge. For example, there is a high volume of targeted threats currently affecting members–cyber criminals are using a wide range of techniques to capture confidential information. This information is then used illegally in several ways: credit card scams; printing fake ATM cards; purchasing goods with stolen credit cards and then selling it at discounted prices; and a host of other scams.
These Trojans are designed to work with the authentication mechanisms incorporated by the credit union for online banking. For example a number of these Trojans inject non-existent fields into the live transaction to capture additional information that the credit union normally would not ask for.
There are even some cases of Trojans hijacking sessions in real-time and sending funds to accounts other then originally intended. While this all may seem like a bleak outlook in regards to the current state of affairs, it is the reality in which we live today.
But how widespread is this problem? More than 50% of the detections within today’s leading anti-virus labs, including PandaLabs, are related to Trojans of some form or another. These are mostly banker Trojans designed to steal confidential information.
Furthermore, according to a research study recently conducted by PandaLabs on a sample population of 1.5 million consumer PCs that had up-to-date enabled protection, 22% were infected with active malware. The study continued to articulate that the corporate side had a much worse infection rate at 72%. This statistic was derived out of a population of over 2,000 companies, including large credit unions, banks and other enterprise users.
These findings prove that companies and their customers are becoming more infected than ever with undetectable malware that has completely different motives than the days of the Melissa Virus or Code Red. Therefore, the credit union and banking industries, along with the broader security community, all need to look at the current challenges facing security professionals today in terms of defending against this new malware. We also need to devise new strategies when dealing with these problems.
One obvious challenge for credit unions is protecting members from on-line fraud. This is particularly difficult, especially when their own tools provide only limited insight into the malware landscape affecting their members.
Your defenses are only as good as the knowledge you have regarding threats that affect you.
In fact credit unions usually get information regarding phishing and Trojan sites many hours after their members have become infected and some volume of information has been stolen.
Security technologies currently employed by major credit unions are simply not as effective as they should be. All too often, organized cyber-gangs find ways to defeat these mechanisms, which include virtual keyboards and site keys.
These Trojans have evolved from simple key-logging to extremely sophisticated techniques that work with almost every major financial institution. For example, a banker Trojan known as Limbo incorporated sophisticated methods for stealing credentials for specific credit unions and banks. Trojans are being designed to adapt to the processes involved in providing access to the user.
Cyber-gangs are only going to evolve their malware even more to adapt to changes within the industry and to sneak past new security mechanisms developed by organizations. Given this new threat landscape, constantly investing money in developing authentication and other security mechanisms to fool the Trojans is no longer viable. As the low-hanging fruit for today’s highly sophisticated cyber crime groups, credit unions need to look at new technologies and establish best practices capable of detecting and preventing the fraudulent activity associated with banker Trojans.
Ryan Sherstobitoff is chief corporate evangelist of Panda Security. He can be reached at ryans
